Are they both the same? Thanks.
$user = $_POST['user'];
$user = mysql_real_escape_string($user);
$result = mysql_fetch_array(mysql_query("SELECT * FROM accounts WHERE id='$user'"));
vs
$user = $_POST['user'];
$result = mysql_fetch_array(mysql_query(sprintf("SELECT * FROM accounts WHERE id='%s'",mysql_real_escape_string($user))));
Yes, that is equivalent.
You can verify it like this:
$user = $_POST['user'];
$user = mysql_real_escape_string($user);
echo "SELECT * FROM accounts WHERE id='$user'";
-vs-
$user = $_POST['user'];
echo sprintf("SELECT * FROM accounts WHERE id='%s'", mysql_real_escape_string($user));
Yes, they are the same
Yes they're equivalent. Usually though, you will use sprintf to make the code easier to read, and the query easier to modify:
$user = $_POST['user'];
$sql = sprintf("SELECT * FROM accounts WHERE id='%s'",
    mysql_real_escape_string($user)
);
$result = mysql_fetch_array(mysql_query($sql));
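An added example (not from the question or any answer above) that checks the equivalence on constructed inputs and compares both string-built forms against a bound parameter. Because the mysql_* extension was removed in PHP 7.0, it assumes PDO with an in-memory SQLite database; esc() is a hypothetical stand-in for mysql_real_escape_string(), and the table rows are constructed.

```php
<?php
// Added example: constructed data, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE accounts (id TEXT PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO accounts VALUES ('alice', 'Alice'), ('o''brien', 'Pat')");

// Hypothetical stand-in for mysql_real_escape_string(): PDO::quote() escapes
// the value and wraps it in quotes, so the outer quotes are stripped here.
function esc(PDO $pdo, string $value): string
{
    return substr($pdo->quote($value), 1, -1);
}

// Constructed inputs, including values that contain quote characters.
$inputs = ["alice", "o'brien", "x' OR '1'='1"];

foreach ($inputs as $user) {
    // Form 1: escape first, then interpolate into the string.
    $escaped = esc($pdo, $user);
    $a = "SELECT * FROM accounts WHERE id='$escaped'";

    // Form 2: sprintf with the escaped value as the argument.
    $b = sprintf("SELECT * FROM accounts WHERE id='%s'", esc($pdo, $user));

    // Form 3: prepared statement; the value never becomes part of the SQL text.
    $stmt = $pdo->prepare("SELECT * FROM accounts WHERE id = ?");
    $stmt->execute([$user]);
    $bound = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // Run the string-built query and compare its rows with the bound query.
    $rowsA = $pdo->query($a)->fetchAll(PDO::FETCH_ASSOC);

    printf("%-16s same string: %s, same rows as bound query: %s\n",
        $user,
        var_export($a === $b, true),
        var_export($rowsA === $bound, true));
}
```

Forms 1 and 2 stay safe only as long as every value is escaped and placed inside quotes; form 3 does not depend on either.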